
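Users saw different results when filtering on the same Partner User. After working with Support (see the Help documentation), we found that for a Partner User's custom filter criteria not to be removed when viewing a report, the OWD of every object used by the report must be set to Private. Our investigation showed that tightening the Activity OWD has little impact on users who get access through Manual and Team sharing.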
In Salesforce.com, for Activity objects (Task & Event), there are only 2 options in the Organization-Wide Defaults sharing setting:
- Controlled by Parent
- Private
Private
Only the activity owner (labeled as Assigned To) and users above the activity owner in the role hierarchy can edit and delete the activity.
Users with read access to the record to which the activity is associated (Name and Related To) can view and report on the activity.
Controlled by Parent
A user can perform an action (such as view, edit, transfer, and delete) on an activity based on whether he or she can perform that same action on the records associated with the activity.
For example, if a task is associated with the Acme account and John Smith's contact, then a user can only edit that task if he or she can also edit the Acme account and the John Smith record.
Parent of the activity record is:
- Who Id (Name): Contact and Lead
- What Id (Related to): Account, Opportunity, Asset, Campaign, Case, including a custom object with Allow Activities enabled.
To edit a task, users need the Edit Tasks permission defined in the Profile or Permission Sets; to edit an event, users need the Edit Events permission defined in the Profile or Permission Sets. Both permissions are located under General User Permissions in the profile, and they can also be assigned to specific users.
When a user creates a task/event, it is assigned to the current user by default, regardless of who owns the parent record of the task/event.
When a user is assigned to a task/event, that user can access and edit it (again, users need the Edit Tasks/Edit Events permission to edit a task/event), regardless of the OWD sharing setting for Activity, even if the user does not have access to the parent record of that Activity record. This also applies to users above the assigned user in the role hierarchy.
Permissions related to
View an activity:
- Be assigned to the activity, or
- Be above the user assigned to the activity in the role hierarchy, or
- Have at least read access to the record to which the activity is associated, or
- Have the “View All” object-level permission in the related record, where the sharing model for that record is “Controlled By Parent,” or
- Have the “View All Data” permission
Create an activity:
- Have the “Edit Tasks” and “Edit Events” permissions; AND
- Have at least read access to a record, if associating the activity with another record
Edit or Delete an activity:
- Have the “Edit Tasks” and “Edit Events” permissions AND
- Be assigned to the activity, or
- Be above the user assigned to the activity in the role hierarchy, or
- Have the “Modify All” object-level permission in the related record, where the sharing model for that record is “Controlled By Parent,” or
- Have the “Modify All Data” permission
View, add, and edit events on other users’ calendars:
- Have the “Edit Tasks” and “Edit Events” permissions to create and edit activities AND
- Have access to the user’s calendar, which depends on your organization-wide calendar sharing defaults and how the user has set up individual calendar sharing.
Note:
Events marked as private via the Private checkbox are accessible only by the user assigned to the event. Other users cannot see the event details when viewing that user’s calendar.
However, users with the “View All Data” or “Modify All Data” permission can see private event details in reports and searches, or when viewing other users’ calendars.
If your organization disables the Grant Access Using Hierarchies option, activities associated with a custom object are still visible to users above the activity's assignee in the role hierarchy.
Tip:
The user who is assigned to an activity in the Assigned To field is often referred to as the “activity owner”.
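The view and edit rules listed above, written out as a small Python model. This is an added example, not Salesforce code or the author's; the `User`/`Activity` classes, the single manager chain standing in for the role hierarchy, and the record ids are assumptions, and object-level View All/Modify All and private events are left out.

```python
from dataclasses import dataclass, field

@dataclass
class User:
    name: str
    manager: "User | None" = None                # assumption: one chain stands in for the role hierarchy
    perms: set = field(default_factory=set)      # e.g. {"Edit Tasks", "View All Data"}
    access: dict = field(default_factory=dict)   # record id -> "read" or "edit"

@dataclass
class Activity:
    kind: str        # "Task" or "Event"
    assignee: User   # the "Assigned To" user
    parents: list    # Who Id / What Id record ids

def is_above(user, other):
    """True if `user` sits above `other` in the (simplified) role hierarchy."""
    boss = other.manager
    while boss is not None:
        if boss is user:
            return True
        boss = boss.manager
    return False

def can_view(user, act):
    # Any one of the listed conditions is enough to view.
    return (user is act.assignee
            or is_above(user, act.assignee)
            or any(user.access.get(p) in ("read", "edit") for p in act.parents)
            or "View All Data" in user.perms)

def can_edit(user, act, owd):
    # "Edit Tasks" / "Edit Events" is required in every case.
    if f"Edit {act.kind}s" not in user.perms:
        return False
    if (user is act.assignee or is_above(user, act.assignee)
            or "Modify All Data" in user.perms):
        return True
    # Controlled by Parent: editing follows edit access on every associated record.
    return (owd == "Controlled by Parent" and bool(act.parents)
            and all(user.access.get(p) == "edit" for p in act.parents))

if __name__ == "__main__":
    # Constructed sample: the Acme account / John Smith contact case from the text.
    mgr = User("mgr", perms={"Edit Tasks"})
    rep = User("rep", manager=mgr, perms={"Edit Tasks"})
    peer = User("peer", perms={"Edit Tasks"}, access={"Acme": "edit", "John Smith": "read"})
    task = Activity("Task", rep, ["Acme", "John Smith"])
    print([(u.name, can_view(u, task), can_edit(u, task, "Controlled by Parent")) for u in (rep, mgr, peer)])
```

In the sample, `peer` can view the task through read access to the contact but cannot edit it under Controlled by Parent until edit access covers both the account and the contact.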
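[Project experience]: IsVisibleInSelfService
In real projects, the complexity goes far beyond what the article above covers. For example, we still have to account for a Role Hierarchy that contains both Internal Roles and Portal Roles, and Tasks must still be shared correctly among internal users, among portal users, and between internal and portal users. This is where the IsVisibleInSelfService field on Task comes in. Let's look at the investigation results in the figure below:
The figure above mainly highlights how the IsVisibleInSelfService field affects Task visibility. In a real project, a trigger can set it to true by default to meet the usual expectations.
In addition, the Event object has a Public checkbox that lets users decide whether to share their private Events with other members who do not own the record. If Public is not checked, then for the myLead01 mentioned above, even though the Service Team can access that Lead, a Private Event created by the Service Team is not visible to the Sales Team or its superiors.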